Overview

overview

10

Static

static

3

JaffaCakes...e7.exe

windows7-x64

10

JaffaCakes...e7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5b19ef1cc8a6810ae136959210929ae7

  • Size

    184KB

  • Sample

    250309-y7c97szp16

  • MD5

    5b19ef1cc8a6810ae136959210929ae7

  • SHA1

    1ffb7e92ebe4f40ef2a64fdf50550729596ee464

  • SHA256

    2a6310c272ff9cff0141e57e98fbeb2c23bb71cbe4a80928621e3595a62303e0

  • SHA512

    49eae0a63b7d9f0377f195a9582892119a30709ead826a3b247298ad93b6169d3aa1af97d638ebabe3908c8ef9dd622fcbeca6b31932c1763f51b7284fb4291e

  • SSDEEP

    3072:NfJBs6WoDQq8qB4FXRhXrQwxulz0MjV8jQ703WbaziBhHFLUb+:NJBs6Wo38qWFXRdEaIz38pW2zclLUb

Score
10/10
gh0stratdiscoverypersistencerat

Malware Config

Targets

    • Target

      JaffaCakes118_5b19ef1cc8a6810ae136959210929ae7

    • Size

      184KB

    • MD5

      5b19ef1cc8a6810ae136959210929ae7

    • SHA1

      1ffb7e92ebe4f40ef2a64fdf50550729596ee464

    • SHA256

      2a6310c272ff9cff0141e57e98fbeb2c23bb71cbe4a80928621e3595a62303e0

    • SHA512

      49eae0a63b7d9f0377f195a9582892119a30709ead826a3b247298ad93b6169d3aa1af97d638ebabe3908c8ef9dd622fcbeca6b31932c1763f51b7284fb4291e

    • SSDEEP

      3072:NfJBs6WoDQq8qB4FXRhXrQwxulz0MjV8jQ703WbaziBhHFLUb+:NJBs6Wo38qWFXRdEaIz38pW2zclLUb

    Score
    10/10
    gh0stratdiscoverypersistencerat

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

      ratgh0strat

    • Gh0strat family

      gh0strat

    • Server Software Component: Terminal Services DLL

      persistence

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks